[Samba] Two SMB Domain member gateways to CEPHFS
Oskari Koivisto
oskari at datalounges.com
Tue Mar 30 10:58:06 UTC 2021
Hi, no no, Samba is NOT an AD DC.
it’s only a member in Domain and should only be used to authenticate user to the shares.
the ceph clusters are in 2 separate locations but both cluster are mainly accessed via different users and groups.
There is only few services that actually connects to both cluster.
Regards,
-Oskari
> On 30. Mar 2021, at 13.52, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 30/03/2021 10:58, Oskari Koivisto wrote:
>> Hi,
>>
>> the realm in the smb.conf defines the actual domain. And that is set with .local
>>
>> As per samba documentation that’s the way it should be done.
>
>
> No, actually it isn't, the Samba wiki here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> Explicitly says to not use '.local':
>
> Make sure that you provision the AD using a DNS domain that will not need to be changed. Samba does not support renaming the AD DNS zone and Kerberos realm. Do not use |.local| for the TLD, this is used by Avahi.
>
> So is your dns domain 'mict.local' and your workgroup 'MICT' ?
>
> Note that the Samba wiki advises using a subdomain instead of a registered domain e.g. ad.mict.local
>
> Except that you shouldn't use '.local', even Microsoft says this is a bad idea.
>
>
>>
>> So the ceph is used as a backend storage for windows-hosts. Samba is the only way providing cephfs to windows-clients.
>>
>> The shares from the samba are mapped to users as netdrives and windows permissions should be set to the shares accordingly.
>
>
> That should work (mapping shares, that is), it sounds like your problem is with cephs and it sounds like your cephs cluster is spread out globally, I don't think this is a good idea.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list